//package com.clw.template.config;
//
//import com.clw.template.bo.AdminUserDetails;
//import com.clw.template.component.JwtAuthenticationTokenFilter;
//import com.clw.template.component.RestAuthenticationEntryPoint;
//import com.clw.template.component.RestfulAccessDeniedHandler;
//import com.clw.template.entity.SysAdmin;
//import com.clw.template.service.ISysAdminService;
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.boot.web.servlet.FilterRegistrationBean;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.core.annotation.Order;
//import org.springframework.http.HttpMethod;
//import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
//import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
//import org.springframework.security.config.annotation.web.builders.HttpSecurity;
//import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
//import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
//import org.springframework.security.config.http.SessionCreationPolicy;
//import org.springframework.security.core.userdetails.UserDetailsService;
//import org.springframework.security.core.userdetails.UsernameNotFoundException;
//import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
//import org.springframework.security.crypto.password.PasswordEncoder;
//import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
//import org.springframework.web.cors.CorsConfiguration;
//import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
//import org.springframework.web.filter.CorsFilter;
//
//
//@Configuration
//@EnableWebSecurity
//@EnableGlobalMethodSecurity(prePostEnabled = true)
//public class MultiHttpSecurityConfig {
//
//    @Autowired
//    ISysAdminService sysUserService;
//    @Autowired
//    RestfulAccessDeniedHandler restfulAccessDeniedHandler;
//    @Autowired
//    RestAuthenticationEntryPoint restAuthenticationEntryPoint;
//
//
//    @Configuration
//    @Order(1)
//    public class AdminSecurityConfigAdapter extends WebSecurityConfigurerAdapter {
//
//        /**
//         * 用于配置需要拦截的url路径、jwt过滤器及出异常后的处理器
//         * @param httpSecurity
//         * @throws Exception
//         */
//        @Override
//        protected void configure(HttpSecurity httpSecurity) throws Exception {
//            httpSecurity.csrf()// 由于使用的是JWT，我们这里不需要csrf
//                    .disable()
//                    .sessionManagement()// 基于token，所以不需要session
//                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
//                    .and().antMatcher("/admin/**")
//                    .formLogin()
//                    .and()
//                    .authorizeRequests()
//                    .antMatchers(HttpMethod.GET,// 允许对于网站静态资源的无授权访问
//                            "/",
//                            "/*.html",
//                            "/favicon.ico",
//                            "/**/*.html",
//                            "/**/*.css",
//                            "/**/*.js",
//                            "/swagger-resources/**",
//                            "/v2/api-docs/**", "/webjars/**"
//                    )
//                    .permitAll()
//                    .antMatchers("/admin/login", "/admin/register", "/wx/auth/login")// 对登录注册要允许匿名访问
//                    .permitAll()
//                    .antMatchers(HttpMethod.OPTIONS)//跨域请求会先进行一次options请求
//                    .permitAll()
//                    .antMatchers("/**")//测试时全部运行访问
//                    .permitAll()
//                    .and()  //配置拦截
//                    .authorizeRequests()
//                    .antMatchers("/admin/**")
//                    .hasAnyRole("ADMIN","L1");
//                    /*.anyRequest()// 除上面外的所有请求全部需要鉴权认证
//                    .authenticated();*/
//            // 禁用缓存
//            httpSecurity.headers().cacheControl();
//            // 添加JWT filter
//            httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
//            //添加自定义未授权和未登录结果返回
//            httpSecurity.exceptionHandling()
//                    .accessDeniedHandler(restfulAccessDeniedHandler)
//                    .authenticationEntryPoint(restAuthenticationEntryPoint);
//        }
//
//        @Override
//        protected void configure(AuthenticationManagerBuilder auth) throws Exception{
//            auth.userDetailsService(userDetailsService())
//                    .passwordEncoder(passwordEncoder());
//        }
//
//
//    }
//
//    @Configuration
//    @Order(2)
//    public class MemberSecurityConfigAdapter extends WebSecurityConfigurerAdapter {
//
//        /**
//         * 用于配置需要拦截的url路径、jwt过滤器及出异常后的处理器
//         * @param httpSecurity
//         * @throws Exception
//         */
//        @Override
//        protected void configure(HttpSecurity httpSecurity) throws Exception {
//            httpSecurity.csrf()// 由于使用的是JWT，我们这里不需要csrf
//                    .disable()
//                    .sessionManagement()// 基于token，所以不需要session
//                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
//                    .and()
//                    .antMatcher("/wx/**")
//                    .formLogin()
//                    .and()
//                    .authorizeRequests()
//                    .antMatchers(HttpMethod.GET,// 允许对于网站静态资源的无授权访问
//                            "/",
//                            "/*.html",
//                            "/favicon.ico",
//                            "/**/*.html",
//                            "/**/*.css",
//                            "/**/*.js",
//                            "/swagger-resources/**",
//                            "/v2/api-docs/**", "/webjars/**"
//                    )
//                    .permitAll()
//                    .antMatchers(HttpMethod.OPTIONS)//跨域请求会先进行一次options请求
//                    .permitAll()
//                    .antMatchers("/**")//测试时全部运行访问
//                    .permitAll()
//                    .and()  //配置拦截
//                    .authorizeRequests()
//                    .antMatchers("/wx/**")
//                    .hasAnyRole("WX");
//                   /* .anyRequest()// 除上面外的所有请求全部需要鉴权认证
//                    .authenticated();*/
//            // 禁用缓存
//            httpSecurity.headers().cacheControl();
//            // 添加JWT filter
//            httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
//            //添加自定义未授权和未登录结果返回
//            httpSecurity.exceptionHandling()
//                    .accessDeniedHandler(restfulAccessDeniedHandler)
//                    .authenticationEntryPoint(restAuthenticationEntryPoint);
//        }
//
//        /*@Override
//        protected void configure(AuthenticationManagerBuilder auth) throws Exception{
//            auth.userDetailsService(userDetailsService2())
//                    .passwordEncoder(passwordEncoder());
//        }*/
//
//
//
//    }
//
//    @Configuration
//    @Order(3)
//    public class OtherSecurityConfigurationAdapter extends WebSecurityConfigurerAdapter {
//        protected void configure(HttpSecurity http) throws Exception {
//            http.csrf()// 由于使用的是JWT，我们这里不需要csrf
//                    .disable()
//                    .sessionManagement()// 基于token，所以不需要session
//                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
//                    .and()
//                    .authorizeRequests()
//                    .antMatchers(HttpMethod.GET, // 允许对于网站静态资源的无授权访问
//                            "/",
//                            "/*.html",
//                            "/favicon.ico",
//                            "/**/*.html",
//                            "/**/*.css",
//                            "/**/*.js",
//                            "/swagger-resources/**",
//                            "/v2/api-docs/**"
//                    )
//                    .permitAll();//其他请求放行
//
//            // 添加JWT filter
//            http.addFilterBefore(jwtAuthenticationTokenFilter(), UsernamePasswordAuthenticationFilter.class);
//        }
//
//
//    }
////
////    @Bean(name = "userDetailsService")
////    public UserDetailsService userDetailsService(){
////        //获取登录用户信息
////        return username -> {
////            SysAdmin admin = sysUserService.lambdaQuery().eq(SysAdmin::getUsername,username).eq(SysAdmin::getStatus,true).one();
////            if (admin != null){
//////                List<UmsPermission> permissionList = adminService.getPermissionList(admin.getId());
////                return new AdminUserDetails();
////            }
////            throw new UsernameNotFoundException("用户名或密码错误");
////        };
////    }
//    /*@Bean(name = "userDetailsService2")
//    public UserDetailsService userDetailsService2(){
//        //获取登录用户信息
//        return openId -> {
//            ZqUser user = iZqUserService.selectByOppenId(openId);
//            if (user != null){
////                List<HrMemberPermission> permissionList = memberHrUserService.getPermissionList(admin.getId());
//                return new WxUserDetails(user);
//            }
//            throw new UsernameNotFoundException("用户名或密码错误");
//        };
//    }*/
//
//
//    @Bean
//    public static PasswordEncoder passwordEncoder() {
//        return new BCryptPasswordEncoder();
//    }
//
//
//    @Bean
//    public JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter(){
//        return new JwtAuthenticationTokenFilter();
//    }
//
//    /**
//     * 允许跨域调用的过滤器
//     * @return
//     */
//    @Bean
//    public CorsFilter corsFilter(){
//        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
//        CorsConfiguration config = new CorsConfiguration();
//        config.addAllowedOrigin("*");
//        config.setAllowCredentials(true);
//        config.addAllowedHeader("*");
//        config.addAllowedMethod("*");
//        source.registerCorsConfiguration("/**",config);
//        FilterRegistrationBean bean = new FilterRegistrationBean(new CorsFilter(source));
//        bean.setOrder(0);
//        return new CorsFilter(source);
//    }
//
//
//
//}
